sudo-project / sudo

Utility to execute a command as another user
https://www.sudo.ws

LDAP schema for IBM Directory Server #384

Closed aklyachkin closed 1 week ago

aklyachkin commented 2 weeks ago

Hi,

I occasionally found that schema.iPlanet doesn't work with IBM Directory Server even if it is iPlanet-compatible. I did my own schema, which works with IBM Tivoli Directory Server, IBM Security Directory Server, IBM Security Verify Directory and whatever name IBM ever invents for their LDAP server.

I tested the schema with sudo 1.9.15. It works.

Please include it in the docs:

```ldif
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.1 DBNAME( 'sudoUser' 'sudoUser' ) ACCESS-CLASS normal LENGTH 512 )

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.2 DBNAME( 'sudoHost' 'sudoHost' ) ACCESS-CLASS normal LENGTH 512 )

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.3 DBNAME( 'sudoCommand' 'sudoCommand' ) ACCESS-CLASS normal LENGTH 2048 )

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.4 DBNAME( 'sudoRunAs' 'sudoRunAs' ) ACCESS-CLASS normal LENGTH 512 )

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.5 DBNAME( 'sudoOption' 'sudoOption' ) ACCESS-CLASS normal LENGTH 512 )

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.6 DBNAME( 'sudoRunAsUser' 'sudoRunAsUser' ) ACCESS-CLASS normal LENGTH 512 )

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.7 DBNAME( 'sudoRunAsGroup' 'sudoRunAsGroup' ) ACCESS-CLASS normal LENGTH 512 )

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.8 DBNAME( 'sudoNotBefore' 'sudoNotBefore' ) ACCESS-CLASS normal LENGTH 512 )

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.9 DBNAME( 'sudoNotAfter' 'sudoNotAfter' ) ACCESS-CLASS normal LENGTH 512 )

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.10 DBNAME( 'sudoOrder' 'sudoOrder' ) ACCESS-CLASS normal )

dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $ description ) )
```

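
A pre-load consistency check for an IBM Directory Server schema LDIF of this shape, added here as an example (not part of the issue, of sudo, or of IBM's tooling): it pairs every attributetypes OID with its ibmattributetypes record, confirms the DBNAME matches the NAME, and verifies that everything the sudoRole objectClass lists under MAY is defined somewhere. The sample is a constructed excerpt of the schema above with sudoHost deliberately left undefined, and cn/description are assumed to come from the server's core schema.

```python
import re

# Constructed excerpt of the LDIF posted in the issue; the sudoRole MAY list still
# names sudoHost, which this excerpt does not define, so the checker reports it.
SAMPLE_LDIF = """\
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.1 DBNAME( 'sudoUser' 'sudoUser' ) ACCESS-CLASS normal LENGTH 512 )

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
add: ibmattributetypes
ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.10 DBNAME( 'sudoOrder' 'sudoOrder' ) ACCESS-CLASS normal )

dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoOrder $ sudoHost $ description ) )
"""

# LDIF attribute names are case-insensitive (attributetypes vs attributeTypes), hence re.I.
ATTR_RE = re.compile(r"^attributetypes:\s*\(\s*(\S+)\s+NAME\s+'([^']+)'", re.I | re.M)
IBM_RE = re.compile(r"^ibmattributetypes:\s*\(\s*(\S+)\s+DBNAME\(\s*'([^']+)'\s+'([^']+)'\s*\)", re.I | re.M)
OC_RE = re.compile(r"^objectclasses:\s*\(.*?NAME\s+'(\w+)'.*?MAY\s*\(([^)]*)\)", re.I | re.M)
# Attributes assumed to be provided by the server's core schema (assumption for this example).
CORE_ATTRS = {"cn", "description"}

def check_schema(ldif):
    """Return a list of consistency problems; an empty list means the LDIF is coherent."""
    attrs = dict(ATTR_RE.findall(ldif))                        # OID -> NAME
    ibm = {oid: (a, b) for oid, a, b in IBM_RE.findall(ldif)}  # OID -> DBNAME pair
    problems = []
    for oid, name in attrs.items():
        if oid not in ibm:
            problems.append(f"{name}: no ibmattributetypes record for OID {oid}")
        elif set(ibm[oid]) != {name}:
            problems.append(f"{name}: DBNAME {ibm[oid]} does not match NAME")
    defined = {n.lower() for n in attrs.values()} | CORE_ATTRS
    for oc_name, may in OC_RE.findall(ldif):
        for attr in (a.strip() for a in may.split("$")):
            if attr.lower() not in defined:
                problems.append(f"{oc_name}: MAY lists {attr}, which this LDIF does not define")
    return problems
```

Running the same check over the full LDIF from the issue, where all ten attributes are defined, returns an empty list.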
millert commented 1 week ago

Thanks, I've added this to the docs directory as schema.IBM_LDAP.